RFE: Add support for creating a macsec netdev and configure equivalent interface in systemd-networkd #5754
Closed
1 of 2 tasks
Comments
gkarakou
changed the title
|
We need the generic netlink to be in first #5593. This work should be on top of that. |
|
I have patches need some time to complete these. |
|
I have started working on this again. My WIP branch. |
ssahani
pushed a commit
to ssahani/systemd
that referenced
this issue
Apr 2, 2019
This work introduces MACsec to networkd. Media Access Control Security (MACsec) is an 802.1AE IEEE industry-standard security technology that provides secure communication for all traffic on Ethernet links. MACsec provides point-to-point security on Ethernet links between directly connected nodes and is capable of identifying and preventing most security threats, including denial of service, intrusion, man-in-the-middle, masquerading, passive wiretapping, and playback attacks. 11-macsec.netdev ``` [NetDev] Name=macsec-test Kind=macsec [MACSEC] Port=11 [MACsecReceiveAssociation] Port=1234 MACAddress=c6:19:52:8f:e6:a0 PacketNumber=1 KeyId=00 Key=82828282828282828282828282828282 [MACsecReceiveChannel] Port=1234 MACAddress=c6:19:52:8f:e6:a0 [MACsecSecureAssociation] PacketNumber=1024 KeyId=01 Key=81818181818181818181818181818181 ``` closes systemd#5754
ssahani
pushed a commit
to ssahani/systemd
that referenced
this issue
Apr 2, 2019
This work introduces MACsec to networkd. Media Access Control Security (MACsec) is an 802.1AE IEEE industry-standard security technology that provides secure communication for all traffic on Ethernet links. MACsec provides point-to-point security on Ethernet links between directly connected nodes and is capable of identifying and preventing most security threats, including denial of service, intrusion, man-in-the-middle, masquerading, passive wiretapping, and playback attacks. 11-macsec.netdev ``` [NetDev] Name=macsec-test Kind=macsec [MACSEC] Port=11 [MACsecReceiveAssociation] Port=1234 MACAddress=c6:19:52:8f:e6:a0 PacketNumber=1 KeyId=00 Key=82828282828282828282828282828282 [MACsecReceiveChannel] Port=1234 MACAddress=c6:19:52:8f:e6:a0 [MACsecSecureAssociation] PacketNumber=1024 KeyId=01 Key=81818181818181818181818181818181 ``` closes systemd#5754
|
@gkarakou I have opened a PR now could please test. |
ssahani
pushed a commit
to ssahani/systemd
that referenced
this issue
Apr 2, 2019
This work introduces MACsec to networkd. Media Access Control Security (MACsec) is an 802.1AE IEEE industry-standard security technology that provides secure communication for all traffic on Ethernet links. MACsec provides point-to-point security on Ethernet links between directly connected nodes and is capable of identifying and preventing most security threats, including denial of service, intrusion, man-in-the-middle, masquerading, passive wiretapping, and playback attacks. 11-macsec.netdev ``` [NetDev] Name=macsec-test Kind=macsec [MACSEC] Port=11 [MACsecReceiveAssociation] Port=1234 MACAddress=c6:19:52:8f:e6:a0 PacketNumber=1 KeyId=00 Key=82828282828282828282828282828282 [MACsecReceiveChannel] Port=1234 MACAddress=c6:19:52:8f:e6:a0 [MACsecTransmitAssociation] PacketNumber=1024 KeyId=01 Key=81818181818181818181818181818181 ``` closes systemd#5754
ssahani
pushed a commit
to ssahani/systemd
that referenced
this issue
Apr 2, 2019
This work introduces MACsec to networkd. Media Access Control Security (MACsec) is an 802.1AE IEEE industry-standard security technology that provides secure communication for all traffic on Ethernet links. MACsec provides point-to-point security on Ethernet links between directly connected nodes and is capable of identifying and preventing most security threats, including denial of service, intrusion, man-in-the-middle, masquerading, passive wiretapping, and playback attacks. 11-macsec.netdev ``` [NetDev] Name=macsec-test Kind=macsec [MACSEC] Port=11 [MACsecReceiveAssociation] Port=1234 MACAddress=c6:19:52:8f:e6:a0 PacketNumber=1 KeyId=00 Key=82828282828282828282828282828282 [MACsecReceiveChannel] Port=1234 MACAddress=c6:19:52:8f:e6:a0 [MACsecTransmitAssociation] PacketNumber=1024 KeyId=01 Key=81818181818181818181818181818181 ``` closes systemd#5754
ssahani
pushed a commit
to ssahani/systemd
that referenced
this issue
Apr 2, 2019
This work introduces MACsec to networkd. Media Access Control Security (MACsec) is an 802.1AE IEEE industry-standard security technology that provides secure communication for all traffic on Ethernet links. MACsec provides point-to-point security on Ethernet links between directly connected nodes and is capable of identifying and preventing most security threats, including denial of service, intrusion, man-in-the-middle, masquerading, passive wiretapping, and playback attacks. 11-macsec.netdev ``` [NetDev] Name=macsec-test Kind=macsec [MACSEC] Port=11 [MACsecReceiveAssociation] Port=1234 MACAddress=c6:19:52:8f:e6:a0 PacketNumber=1 KeyId=00 Key=82828282828282828282828282828282 [MACsecReceiveChannel] Port=1234 MACAddress=c6:19:52:8f:e6:a0 [MACsecTransmitAssociation] PacketNumber=1024 KeyId=01 Key=81818181818181818181818181818181 ``` closes systemd#5754
ssahani
pushed a commit
to ssahani/systemd
that referenced
this issue
Apr 2, 2019
This work introduces MACsec to networkd. Media Access Control Security (MACsec) is an 802.1AE IEEE industry-standard security technology that provides secure communication for all traffic on Ethernet links. MACsec provides point-to-point security on Ethernet links between directly connected nodes and is capable of identifying and preventing most security threats, including denial of service, intrusion, man-in-the-middle, masquerading, passive wiretapping, and playback attacks. 11-macsec.netdev ``` [NetDev] Name=macsec-test Kind=macsec [MACSEC] Port=11 [MACsecReceiveAssociation] Port=1234 MACAddress=c6:19:52:8f:e6:a0 PacketNumber=1 KeyId=00 Key=82828282828282828282828282828282 [MACsecReceiveChannel] Port=1234 MACAddress=c6:19:52:8f:e6:a0 [MACsecTransmitAssociation] PacketNumber=1024 KeyId=01 Key=81818181818181818181818181818181 ``` closes systemd#5754
ssahani
pushed a commit
to ssahani/systemd
that referenced
this issue
Apr 3, 2019
This work introduces MACsec to networkd. Media Access Control Security (MACsec) is an 802.1AE IEEE industry-standard security technology that provides secure communication for all traffic on Ethernet links. MACsec provides point-to-point security on Ethernet links between directly connected nodes and is capable of identifying and preventing most security threats, including denial of service, intrusion, man-in-the-middle, masquerading, passive wiretapping, and playback attacks. 11-macsec.netdev ``` [NetDev] Name=macsec-test Kind=macsec [MACSEC] Port=11 [MACsecReceiveAssociation] Port=1234 MACAddress=c6:19:52:8f:e6:a0 PacketNumber=1 KeyId=00 Key=82828282828282828282828282828282 [MACsecReceiveChannel] Port=1234 MACAddress=c6:19:52:8f:e6:a0 [MACsecTransmitAssociation] PacketNumber=1024 KeyId=01 Key=81818181818181818181818181818181 ``` closes systemd#5754
ssahani
pushed a commit
to ssahani/systemd
that referenced
this issue
Apr 3, 2019
This work introduces MACsec to networkd. Media Access Control Security (MACsec) is an 802.1AE IEEE industry-standard security technology that provides secure communication for all traffic on Ethernet links. MACsec provides point-to-point security on Ethernet links between directly connected nodes and is capable of identifying and preventing most security threats, including denial of service, intrusion, man-in-the-middle, masquerading, passive wiretapping, and playback attacks. 11-macsec.netdev ``` [NetDev] Name=macsec-test Kind=macsec [MACSEC] Port=11 [MACsecReceiveAssociation] Port=1234 MACAddress=c6:19:52:8f:e6:a0 PacketNumber=1 KeyId=00 Key=82828282828282828282828282828282 [MACsecReceiveChannel] Port=1234 MACAddress=c6:19:52:8f:e6:a0 [MACsecTransmitAssociation] PacketNumber=1024 KeyId=01 Key=81818181818181818181818181818181 ``` closes systemd#5754
ssahani
pushed a commit
to ssahani/systemd
that referenced
this issue
Apr 3, 2019
This work introduces MACsec to networkd. Media Access Control Security (MACsec) is an 802.1AE IEEE industry-standard security technology that provides secure communication for all traffic on Ethernet links. MACsec provides point-to-point security on Ethernet links between directly connected nodes and is capable of identifying and preventing most security threats, including denial of service, intrusion, man-in-the-middle, masquerading, passive wiretapping, and playback attacks. 11-macsec.netdev ``` [NetDev] Name=macsec-test Kind=macsec [MACSEC] Port=11 [MACsecReceiveAssociation] Port=1234 MACAddress=c6:19:52:8f:e6:a0 PacketNumber=1 KeyId=00 Key=82828282828282828282828282828282 [MACsecReceiveChannel] Port=1234 MACAddress=c6:19:52:8f:e6:a0 [MACsecTransmitAssociation] PacketNumber=1024 KeyId=01 Key=81818181818181818181818181818181 ``` closes systemd#5754
ssahani
pushed a commit
to ssahani/systemd
that referenced
this issue
Apr 3, 2019
This work introduces MACsec to networkd. Media Access Control Security (MACsec) is an 802.1AE IEEE industry-standard security technology that provides secure communication for all traffic on Ethernet links. MACsec provides point-to-point security on Ethernet links between directly connected nodes and is capable of identifying and preventing most security threats, including denial of service, intrusion, man-in-the-middle, masquerading, passive wiretapping, and playback attacks. 11-macsec.netdev ``` [NetDev] Name=macsec-test Kind=macsec [MACSEC] Port=11 [MACsecReceiveAssociation] Port=1234 MACAddress=c6:19:52:8f:e6:a0 PacketNumber=1 KeyId=00 Key=82828282828282828282828282828282 [MACsecReceiveChannel] Port=1234 MACAddress=c6:19:52:8f:e6:a0 [MACsecTransmitAssociation] PacketNumber=1024 KeyId=01 Key=81818181818181818181818181818181 ``` closes systemd#5754
ssahani
pushed a commit
to ssahani/systemd
that referenced
this issue
Apr 3, 2019
This work introduces MACsec to networkd. Media Access Control Security (MACsec) is an 802.1AE IEEE industry-standard security technology that provides secure communication for all traffic on Ethernet links. MACsec provides point-to-point security on Ethernet links between directly connected nodes and is capable of identifying and preventing most security threats, including denial of service, intrusion, man-in-the-middle, masquerading, passive wiretapping, and playback attacks. 11-macsec.netdev ``` [NetDev] Name=macsec-test Kind=macsec [MACSEC] Port=11 [MACsecReceiveAssociation] Port=1234 MACAddress=c6:19:52:8f:e6:a0 PacketNumber=1 KeyId=00 Key=82828282828282828282828282828282 [MACsecReceiveChannel] Port=1234 MACAddress=c6:19:52:8f:e6:a0 [MACsecTransmitAssociation] PacketNumber=1024 KeyId=01 Key=81818181818181818181818181818181 ``` closes systemd#5754
ssahani
pushed a commit
to ssahani/systemd
that referenced
this issue
Apr 3, 2019
This work introduces MACsec to networkd. Media Access Control Security (MACsec) is an 802.1AE IEEE industry-standard security technology that provides secure communication for all traffic on Ethernet links. MACsec provides point-to-point security on Ethernet links between directly connected nodes and is capable of identifying and preventing most security threats, including denial of service, intrusion, man-in-the-middle, masquerading, passive wiretapping, and playback attacks. 11-macsec.netdev ``` [NetDev] Name=macsec-test Kind=macsec [MACSEC] Port=11 [MACsecReceiveAssociation] Port=1234 MACAddress=c6:19:52:8f:e6:a0 PacketNumber=1 KeyId=00 Key=82828282828282828282828282828282 [MACsecReceiveChannel] Port=1234 MACAddress=c6:19:52:8f:e6:a0 [MACsecTransmitAssociation] PacketNumber=1024 KeyId=01 Key=81818181818181818181818181818181 ``` closes systemd#5754
ssahani
pushed a commit
to ssahani/systemd
that referenced
this issue
Apr 3, 2019
This work introduces MACsec to networkd. Media Access Control Security (MACsec) is an 802.1AE IEEE industry-standard security technology that provides secure communication for all traffic on Ethernet links. MACsec provides point-to-point security on Ethernet links between directly connected nodes and is capable of identifying and preventing most security threats, including denial of service, intrusion, man-in-the-middle, masquerading, passive wiretapping, and playback attacks. 11-macsec.netdev ``` [NetDev] Name=macsec-test Kind=macsec [MACSEC] Port=11 [MACsecReceiveAssociation] Port=1234 MACAddress=c6:19:52:8f:e6:a0 PacketNumber=1 KeyId=00 Key=82828282828282828282828282828282 [MACsecReceiveChannel] Port=1234 MACAddress=c6:19:52:8f:e6:a0 [MACsecTransmitAssociation] PacketNumber=1024 KeyId=01 Key=81818181818181818181818181818181 ``` closes systemd#5754
ssahani
pushed a commit
to ssahani/systemd
that referenced
this issue
Apr 3, 2019
This work introduces MACsec to networkd. Media Access Control Security (MACsec) is an 802.1AE IEEE industry-standard security technology that provides secure communication for all traffic on Ethernet links. MACsec provides point-to-point security on Ethernet links between directly connected nodes and is capable of identifying and preventing most security threats, including denial of service, intrusion, man-in-the-middle, masquerading, passive wiretapping, and playback attacks. 11-macsec.netdev ``` [NetDev] Name=macsec-test Kind=macsec [MACSEC] Port=11 [MACsecReceiveAssociation] Port=1234 MACAddress=c6:19:52:8f:e6:a0 PacketNumber=1 KeyId=00 Key=82828282828282828282828282828282 [MACsecReceiveChannel] Port=1234 MACAddress=c6:19:52:8f:e6:a0 [MACsecTransmitAssociation] PacketNumber=1024 KeyId=01 Key=81818181818181818181818181818181 ``` closes systemd#5754
ssahani
pushed a commit
to ssahani/systemd
that referenced
this issue
Apr 4, 2019
This work introduces MACsec to networkd. Media Access Control Security (MACsec) is an 802.1AE IEEE industry-standard security technology that provides secure communication for all traffic on Ethernet links. MACsec provides point-to-point security on Ethernet links between directly connected nodes and is capable of identifying and preventing most security threats, including denial of service, intrusion, man-in-the-middle, masquerading, passive wiretapping, and playback attacks. 11-macsec.netdev ``` [NetDev] Name=macsec-test Kind=macsec [MACsec] Port=11 [MACsecReceiveAssociation] Port=1234 MACAddress=c6:19:52:8f:e6:a0 PacketNumber=1 KeyId=00 Key=82828282828282828282828282828282 [MACsecReceiveChannel] Port=1234 MACAddress=c6:19:52:8f:e6:a0 [MACsecTransmitAssociation] PacketNumber=1024 KeyId=01 Key=81818181818181818181818181818181 ``` closes systemd#5754 aaa
yuwata
pushed a commit
to yuwata/systemd
that referenced
this issue
Apr 4, 2019
Media Access Control Security (MACsec) is an 802.1AE IEEE industry-standard security technology that provides secure communication for all traffic on Ethernet links. MACsec provides point-to-point security on Ethernet links between directly connected nodes and is capable of identifying and preventing most security threats, including denial of service, intrusion, man-in-the-middle, masquerading, passive wiretapping, and playback attacks. Closes systemd#5754
yuwata
pushed a commit
to yuwata/systemd
that referenced
this issue
Apr 5, 2019
Media Access Control Security (MACsec) is an 802.1AE IEEE industry-standard security technology that provides secure communication for all traffic on Ethernet links. MACsec provides point-to-point security on Ethernet links between directly connected nodes and is capable of identifying and preventing most security threats, including denial of service, intrusion, man-in-the-middle, masquerading, passive wiretapping, and playback attacks. Closes systemd#5754
yuwata
pushed a commit
to yuwata/systemd
that referenced
this issue
Apr 5, 2019
Media Access Control Security (MACsec) is an 802.1AE IEEE industry-standard security technology that provides secure communication for all traffic on Ethernet links. MACsec provides point-to-point security on Ethernet links between directly connected nodes and is capable of identifying and preventing most security threats, including denial of service, intrusion, man-in-the-middle, masquerading, passive wiretapping, and playback attacks. Closes systemd#5754
yuwata
pushed a commit
to yuwata/systemd
that referenced
this issue
Apr 5, 2019
Media Access Control Security (MACsec) is an 802.1AE IEEE industry-standard security technology that provides secure communication for all traffic on Ethernet links. MACsec provides point-to-point security on Ethernet links between directly connected nodes and is capable of identifying and preventing most security threats, including denial of service, intrusion, man-in-the-middle, masquerading, passive wiretapping, and playback attacks. Closes systemd#5754
yuwata
pushed a commit
to yuwata/systemd
that referenced
this issue
Apr 5, 2019
Media Access Control Security (MACsec) is an 802.1AE IEEE industry-standard security technology that provides secure communication for all traffic on Ethernet links. MACsec provides point-to-point security on Ethernet links between directly connected nodes and is capable of identifying and preventing most security threats, including denial of service, intrusion, man-in-the-middle, masquerading, passive wiretapping, and playback attacks. Closes systemd#5754
yuwata
pushed a commit
to yuwata/systemd
that referenced
this issue
Apr 10, 2019
Media Access Control Security (MACsec) is an 802.1AE IEEE industry-standard security technology that provides secure communication for all traffic on Ethernet links. MACsec provides point-to-point security on Ethernet links between directly connected nodes and is capable of identifying and preventing most security threats, including denial of service, intrusion, man-in-the-middle, masquerading, passive wiretapping, and playback attacks. Closes systemd#5754
yuwata
pushed a commit
to yuwata/systemd
that referenced
this issue
Apr 10, 2019
Media Access Control Security (MACsec) is an 802.1AE IEEE industry-standard security technology that provides secure communication for all traffic on Ethernet links. MACsec provides point-to-point security on Ethernet links between directly connected nodes and is capable of identifying and preventing most security threats, including denial of service, intrusion, man-in-the-middle, masquerading, passive wiretapping, and playback attacks. Closes systemd#5754
yuwata
pushed a commit
to yuwata/systemd
that referenced
this issue
Apr 10, 2019
Media Access Control Security (MACsec) is an 802.1AE IEEE industry-standard security technology that provides secure communication for all traffic on Ethernet links. MACsec provides point-to-point security on Ethernet links between directly connected nodes and is capable of identifying and preventing most security threats, including denial of service, intrusion, man-in-the-middle, masquerading, passive wiretapping, and playback attacks. Closes systemd#5754
yuwata
pushed a commit
to yuwata/systemd
that referenced
this issue
Apr 10, 2019
Media Access Control Security (MACsec) is an 802.1AE IEEE industry-standard security technology that provides secure communication for all traffic on Ethernet links. MACsec provides point-to-point security on Ethernet links between directly connected nodes and is capable of identifying and preventing most security threats, including denial of service, intrusion, man-in-the-middle, masquerading, passive wiretapping, and playback attacks. Closes systemd#5754
yuwata
pushed a commit
to yuwata/systemd
that referenced
this issue
Apr 10, 2019
Media Access Control Security (MACsec) is an 802.1AE IEEE industry-standard security technology that provides secure communication for all traffic on Ethernet links. MACsec provides point-to-point security on Ethernet links between directly connected nodes and is capable of identifying and preventing most security threats, including denial of service, intrusion, man-in-the-middle, masquerading, passive wiretapping, and playback attacks. Closes systemd#5754
yuwata
pushed a commit
to yuwata/systemd
that referenced
this issue
Apr 10, 2019
Media Access Control Security (MACsec) is an 802.1AE IEEE industry-standard security technology that provides secure communication for all traffic on Ethernet links. MACsec provides point-to-point security on Ethernet links between directly connected nodes and is capable of identifying and preventing most security threats, including denial of service, intrusion, man-in-the-middle, masquerading, passive wiretapping, and playback attacks. Closes systemd#5754
yuwata
pushed a commit
to yuwata/systemd
that referenced
this issue
Apr 10, 2019
Media Access Control Security (MACsec) is an 802.1AE IEEE industry-standard security technology that provides secure communication for all traffic on Ethernet links. MACsec provides point-to-point security on Ethernet links between directly connected nodes and is capable of identifying and preventing most security threats, including denial of service, intrusion, man-in-the-middle, masquerading, passive wiretapping, and playback attacks. Closes systemd#5754
yuwata
pushed a commit
to yuwata/systemd
that referenced
this issue
Apr 10, 2019
Media Access Control Security (MACsec) is an 802.1AE IEEE industry-standard security technology that provides secure communication for all traffic on Ethernet links. MACsec provides point-to-point security on Ethernet links between directly connected nodes and is capable of identifying and preventing most security threats, including denial of service, intrusion, man-in-the-middle, masquerading, passive wiretapping, and playback attacks. Closes systemd#5754
edevolder
pushed a commit
to edevolder/systemd
that referenced
this issue
Jun 26, 2019
Media Access Control Security (MACsec) is an 802.1AE IEEE industry-standard security technology that provides secure communication for all traffic on Ethernet links. MACsec provides point-to-point security on Ethernet links between directly connected nodes and is capable of identifying and preventing most security threats, including denial of service, intrusion, man-in-the-middle, masquerading, passive wiretapping, and playback attacks. Closes systemd#5754
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Submission type
systemd version the issue has been seen with
latest
Used distribution
fedora 25
It would be a useful addition to add suport for a macsec netdev in systemd-networkd.
Since support for macsec(IEEE 802.1AE) is already added in kernel (from 4.6 kernel series[1] ) as a loadable module, fedora doesn't come with a patched iproute package[2] to support macsec and also lacks interface configuration from systemd-networkd.
Therefore it would be wise to implement support for an IEEE standard[3].
Sources:
[1]https://kernelnewbies.org/Linux_4.6
[2] http://man7.org/linux/man-pages/man8/ip-macsec.8.html
[3] https://standards.ieee.org/findstds/standard/802.1AE-2006.html
Some references of interest:
https://en.wikipedia.org/wiki/IEEE_802.1AE
https://developers.redhat.com/blog/2016/10/14/macsec-a-different-solution-to-encrypt-network-traffic/
The text was updated successfully, but these errors were encountered: